The animation from 'user with a laptop' to 'general with a sword' gave me some huge Macromedia Dreamweaver Flash animations throwback.

2:53 Just one correction: that last packet should be ACK, not FIN. The same side doesn't send another FIN (unless the first one gets lost), but it does need to ACKnowledge the other side's FIN. (Also, a clarification. This is a common way to label handshakes when talking about TCP. Really, SYN, FIN, and ACK are flags. Only the packets labeled as such have the SYN and FIN flags, because they are used only for those purposes. But ACK is in very nearly every packet, because you always need to acknowledge the other side's state, except with the very first packet that opens a connection, which will only have SYN set. But for purposes of talking about handshakes, we only mark it where it relates to SYN and FIN packets.)

I was surprised when this video ended.

I can't relate to this, friend of mine used to hang up during saying goodbye. So I always received a partial goodbye and never a chance to say goodbye myself.

My idea is just as unsatisfactory and would add more noise, but an "Attack" with a second delayed "Attack" by some arbitrary amount of time and same for "Received" and delayed "Received." Unsatisfactory because both can still be lost, so it just kicks the can down the road with "What if more redundancy?" Sometimes though with these problems one redundant measure is safe enough, maybe two, rarely three, but analyses are done for safety engineering for how much redundancy is statistically enough so that we don't go out of budget or over materials or some other criteria they need to remain below...

Loving the snazzy animations, thank you 👍🏼

Fascinating

Can't either/both sides ping each other periodically and if there's no response in a timeout of 60 seconds to consider the connection closed? I think it's called check-alive heartbeat or something.

Wonderful explanation. I will use this

Nice with a video about (negative/positive) proofs, and why some things are unavoidable ugly.

Just described a denial of service attack. Send 1000s of syn messages and ignore the syn ack measages.

What's the problem of having the message be "Attack at [time] if [2 or more] messages come. Also don't stop sending messages until say... 4 has been recieved?"

0:31 hey dont call me out like that

So do they even send a "FIN" message at all or was that just a hypothetical to demonstrate the problem? I understand that it cannot be verified due to the problem being unsolvable but is that packet even sent at all just to save on server "resources" or smth?

You should really explain the SYN flood attack and ACK bugs. This was more of the old school "You can't trust the computers". Bugs are found everyday, but are also fixed everyday.

is this somehow connected with the two-phase-commit protocol for distributed transactions? or analog kind of problem?

And peers can stop responding without sending a FIN in any case. One reason keepalive and other pings exist is to check that a connection is still alive. There's never a guarantee of an orderly close and an orderly close should never be relied upon.

0:59 - Why does Professor Clegg call this a three-way handshake? Who is the third party in this handshake? It's not in any of the diagrams he draws, which have only "Client" and "Server".

I don't think his General was carrying a sword...

To be fair, If your willing to hand wave away the wait at the beginning then it's fair to hand wave away the wait at the ending.

polite protocol 😂

Computers need "attack at dawn" message and "approved, attacking at dawn" and then waiting until dawn unless the message wasn't acquired and you send "attack at dawn" again and they reply again until no more "attack at dawn" message.

Why even wait for another response? Just assume the connection was terminated after receiving the first "fin", respond once and don't care about it anymore :D Also timeouts help in real life of course.

I saw tom scotts video about this problem and he talked about idempotency tokens. Does that not solve the issue or is this in a different context?

Just as an idea, TCP reliability relies on the sender to assume lost packets and resend. What it if was the other way around? What if instead, the receiver was in charge of handling reliability? I.e. instead of: Sender - Msg2 Receiver - ACK Msg2 Sender - Msg3 Receiver - ACK Msg3 ... Do Receiver - REQ Msg2 Sender - Msg2 Receiver - REQ Msg3 Sender - Msg3 ... On the surface they seem the same, but it does allow for a slight modification at the end. Receiver - REQ Msg101 Sender - Msg101 Receiver - REQ Msg102 Sender - Msg102 FIN That way the FIN is in the final message itself. Given that the receiver is in charge of reliability, the receiver will send another REQ if it didn't receive the packet, so a simple timeout after last message would suffice. I know the immediate point is that the sender doesn't KNOW the last message was received, but as this whole video points out, that's already an issue with the current system. As a benefit though, the server that has many simultaneous connections isn't sending out unnessessary duplicate messages because it didn't receive an ACK. I would assume this would reduce line congestion coming out of the server given that the potential unnecessary duplicate messages would be on the client side.

g..g..granville get yer mop!

for me personally my hardest fin was when my dad died recently :(

If you have a standing order to attack at a future time which resets if it is cancelled requiring an ack.

Doesn't block chain solve this problem?

Fork handles !?!

For the almighty algorithm and assorted generals

Like for first comment!

Can you rename this to byzantine general's problem? This is the official name of it. What you called it makes no sense.

well, there's 10 minutes wasted!